The revelation that two U.S. environmental satellites were hacked in 2007 and 2008 grabbed the attention of commercial satellite communications providers, who have been urging the U.S. military to buy even more civilian bandwidth and use commercial satellites as hosts for military communications payloads. Executives are vying for competitive advantage by touting their security measures, even as they voice quiet frustration over their unsuccessful effort to establish a collaborative cybersecurity center that could have alerted them to threats like those against the Landsat 7 and Terra imaging satellites.
In November, the U.S.-China Economic and Security Review Commission revealed in a report to Congress that unknown hackers breached the command links to Landsat 7, an imaging satellite launched in 1999 for the U.S. Geological Survey, and Terra, launched in 2000 to carry a climate change sensor for NASA.
The commission noted that an attacker who accesses a satellite’s control system can “damage or destroy the satellite.” Independent experts were more specific. Hackers could have turned Terra’s thermal detectors toward the sun, burning them out, they said. An intruder who managed to hack into a geosynchronous communications satellite might be able to turn off that satellite’s communications to an entire region or order the satellite to fire its thrusters, bumping it out of its internationally assigned orbit.
In the case of Landsat 7 and Terra, the hackers created highly specialized radio frequency signals and transmitted the signals to the spacecraft from the Svalbard ground station in Norway. They did so on four occasions in 2007 and 2008. The commission was most specific about the probing of Terra. On June 20, 2008, hackers “achieved all steps required to command” NASA’s Terra, “but did not issue commands,” the commission said.
Government and industry officials acknowledge being surprised by the Landsat-Terra revelation, but they point out that newer spacecraft have stronger safeguards, including National Security Agency-approved encryption for their command links. By contrast, the blueprints for Landsat 7 and Terra were finalized years before they were launched. Still, officials said, the incidents illustrate the determination of hackers and the necessity for the industry to be ready for new tactics.
For executives in the communications industry, the incidents were part wake-up call and part confirmation of a risk they knew was there. In 2009, the U.S. National Security Telecommunications Advisory Committee (NSTAC), a group of executives from across the industry, published a report warning of “unauthorized commanding of or preventing control of routers, switches, servers, databases, or satellite buses.” The “NSTAC Report to the President on Commercial Satellite Communications Mission Assurance” warned that satellite networks would require special safety measures to prevent hackers from sending false commands, blocking authorized commands or interfering with data transmission from the spacecraft. It was in the same report that NSTAC recommended establishing a joint coordinating center to “share cyber situational awareness” and “institutionalize the time-sensitive processes and procedures to detect, prevent, mitigate, and respond to cyber incidents of national and international consequence.”
Commercial satellite communications companies established a test version of the center in April 2010 as one element of a six-month pilot program aimed at improving all kinds of telecommunications security. For satcom, the industry wanted to assess various methods for “round-the-clock operational collaboration and information sharing” about cyber threats.
Proponents hoped creating the center would inspire the government to join them in a government-industry partnership. After all, the military’s use of commercial satellite bandwidth had risen steadily over the decades, giving the Pentagon an obvious stake in the security of the satellites providing those communications. Before the 1991 Persian Gulf War, U.S. military satellites provided 80 percent of the bandwidth. The balance has flipped, with commercial satellites carrying 80 percent of the communications traffic. For forces overseas, the percentage is higher. In 2009, a senior U.S. military officer in Iraq reported that 96 percent of U.S. Central Command’s communications requirements were being met by commercial satellites, a figure that industry officials do not doubt.
“There is a real concern about protection of that 96 percent of communications going into and out of theater,” said retired U.S. Navy Cmdr. J.J. Shaw, director for North America and global naval programs for Inmarsat Government US, which sells services to the U.S. government.
At first, the odds of government experts joining the center looked promising. In June, the Obama administration published an updated National Space Policy calling for improvements to the “resilience of mission-essential functions” enabled by civilian, commercial, scientific and “national security” satellites, a term referring to military spacecraft and also spy satellites. In November, U.S. government and industry space experts met at the National Defense University to examine the vulnerabilities of those satellites and their ground infrastructures.
“There was a consensus among participants that an attack on space capabilities will almost certainly be preceded by a cyber attack,” according to a report drafted by attendees of the conference on Securing Space Assets for Peace and Future Conflict.
The joint coordinating center never got beyond the pilot-program stage, however, for reasons that remain unclear. When asked about the short-lived center, officials at the government agencies whose cooperation would be vital declined to comment. Army Col. Rivers Johnson, spokesman for U.S. Cyber Command; Peter Sauve, director of the Cyber Command’s Global Satellite Communications Support Center; and Sam Davis, Cyber Command’s commercial operations satellite communications manager for support, declined to discuss the joint coordinating center or any steps the Defense Department was taking to work with commercial satellite firms to improve cybersecurity. They referred questions to the Defense Information Systems Agency (DISA), which said it is working with industry to improve security.
Industry executives declined to speak on the record about the demise of the joint coordinating center, but pointed out privately the many obstacles that government and industry face in trying to jointly address evolving cyber threats. Many of the major commercial satellite communications companies are foreign-owned. Only a few top officials in each company possess clearances to participate in secret government briefings on emerging threats and efforts to shore up vulnerable elements of the communications infrastructure.
One industry official noted that, even if he learned classified information on the latest threats, he would be unable to share that information with key members of his security staff who do not possess similar clearances. Government and industry officials “want to work together and have a lot to offer each other,” another industry official said. “But because of various secrecy laws and requirements, we can’t. It’s a Catch-22.”
One thing that is certain is that cyber threats are growing more numerous.
In 2011 alone, IntelsatONE, the terrestrial network that links customers to Intelsat’s geosynchronous communications satellites, identified about 300,000 denial-of-service attacks, said Kay Sears, president of Intelsat General Corp.
Individual hackers are not the only ones targeting communications networks. Criminal organizations break into networks seeking economic gain, and nation-states use cyber attacks to challenge U.S. economic and military might. The U.S.-China Economic and Security Review Commission noted in its recent report to Congress that “authoritative Chinese military writings advocate attacks on space-to-ground communications links and ground-based satellite control facilities in the event of a conflict.”
The Defense Department and commercial providers are responding to efforts by lone hackers, criminal organizations and nation-states to disrupt transmissions of military video, voice and data messages. Specifically, DISA officials are scrutinizing the information security measures being taken by their commercial satellite communications vendors. Corporate security officials are stepping up precautions, paying attention to everything from the guards who patrol their satellite operations centers to the software used to flag unauthorized messages.
Companies also want Pentagon officials to share the latest intelligence on cyber threats, but that is not happening.
“Companies have worried about cybersecurity for a decade,” said Patricia Cooper, president of the Washington-based Satellite Industry Association. “The real game-changer is that the military is putting so much traffic over the commercial systems that the military’s concern about safety, security and information assurance has become a major concern for the satellite operators as well.”
U.S. government agencies face a constant barrage of attacks, Army Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, told reporters in London in November, according to a transcript. Heightened concern within the Pentagon has led to efforts to protect not only the communications networks military agencies own or lease, but also the commercial networks they rely on to transmit information around the world, said Shaw of Inmarsat.
About 38 percent of Inmarsat’s work is performed for a variety of government customers. The desire to enhance security for government customers also improves competitiveness among commercial customers.
“There is certainly no room for complacency when it comes to security,” said Martin Lewis, information technology security officer for Inmarsat. “We constantly reassess what’s going on in the cyber world and try to implement controls to address the latest threat.”
Security is perhaps most critical to Xtar, a Herndon, Va., company that provides services in the X-band, a frequency that the International Telecommunications Union reserves exclusively for government use. If Xtar can’t convince government customers to buy its services, it has no commercial customers to fall back on.
“We take security very seriously,” said Andrew Ruszkowski, Xtar’s vice president for global sales and marketing. “It’s our bread and butter.”
Heightened security is a priority for DISA, which leases commercial information technology and networking capacity for the military services. For one, DISA officials have been visiting satellite service providers to learn about their security measures firsthand. In October, for example, the agency’s then-director Lt. Gen. Carroll Pollett and staff visited Intelsat General in Bethesda, Md., outside Washington, D.C. During a series of meetings and tours, Intelsat General officials briefed the DISA representatives on a wide array of communications services as well as security and information-assurance policies, Sears said.
Those information-assurance policies include steps to avoid collision with space debris or other satellites, identify and mitigate signal interference and the ability to reroute communications in the event of disruptions.
The security thrust began in 2010, when DISA asked companies for extensive information on network security. At the time, DISA was working with the General Services Administration to start the Future Commercial Satellite Communications Services Acquisition (FCSA) initiative, which was meant to create a one-stop shop for military customers seeking satellite services. Through FCSA, DISA negotiates multiyear satellite service contracts with commercial providers and lays out detailed requirements to ensure the networks are reliable, secure and available when needed. Military customers then choose the services they need.
“The FCSA information-assurance requirements are more stringent than those of [the previous contracting vehicle] Defense Satellite Transmission Services-Global by a wide margin,” said DISA spokeswoman Tracy Sharpe. “There is a checklist to show how to meet certain information-assurance criteria.”
That 40-page checklist covers everything from audit logs and disaster recovery plans to security surrounding ground stations and encryption of command-and-control data, Lewis said.
Satellite communications companies also routinely undertake extensive reviews of their own networks.
“We just did a review of all our information-assurance controls to make sure we are compliant with all [government] mission-assurance requirements and to identify steps we can take to improve,” said Jim Chambers, Xtar’s vice president of engineering.
Securing communications transmitted to and from the satellite is important, but the overall job of safeguarding networks is far more complex. Multiple paths must be available for the commands and also the customer’s data as it courses over the network. Xtar employs National Security Agency-approved encryption for commands transmitted to and from the satellite, and backs those up with redundant encryption capabilities at the primary ground operations center and at additional locations. The company’s ground network is designed to reroute data if problems arise, and employees practice using the backup terrestrial network. Xtar also has one telemetry tracking and control facility used primarily for each of the company’s two satellites. Those telemetry tracking and control stations have visibility to both satellites, so they can back each other up if necessary, Chambers said.
In recent years, companies have augmented their internal reviews of network-security protocols with external audits, hiring computer security specialists to scour networks in search of vulnerabilities.
“These independent security consultants are the white hat version of the people who are maliciously trying to get into our networks,” Lewis said. “So if anybody can give us a true test of the type of threats we face, they can.”
Once those reviews uncover potential problems, the companies invest in technology, systems and procedures to enhance cybersecurity.
“Satellite operators have spent considerable time and money to improve the information they collect, exchange with each other, and share with the government,” said the Satellite Industry Association’s Cooper. “They’ve invested in databases and analytical tools to assess where spacecraft are, what they see in the space environment, and what kind of interference they experience. Success in on-orbit safety will require a strong relationship with U.S. Strategic Command, which hasn’t happened as quickly as some companies would like.”
This story appeared in the January-February issue of C4ISR Journal.